Log4Shell (CVE-2021-44228) - The Complete Course

Ethical Hacking - Knowing, Identifying and Exploiting Log4Shell Vulnerabilities | Pentesting Methodology | Cybersecurity
What you'll learn
Know what is Logging, Log4J and Log4Shell;
Create a Virtual Hacking Lab;
How to exploit Log4Shell - Step by Step;
Exploit Log4Shell Locally on a Windows Environment (Minecraft Server);
Exploit Log4Shell Locally on a Linux Environment (Ubuntu Web Server);
Exploit Log4Shell Remotely;
Create tunnels with Ngrok;
Security Assessments and Pentesting Methodology;
Identifying Log4Shell vulnerabilities manually and with automation;
How to mitigate Log4Shell;
Requirements
Operating System: Windows / OS X / Linux;
Memory (RAM): 6Gb;
Basic IT knowledge;
Knowledge on hacking or programming languages, not needed;
Description
On this course we will learn about what Log4Shell vulnerabilities are and how to identify and exploit this vulnerabilities in a security assessment point of view.
--> We start by learning the theoretical concepts about this vulnerability.
--> Then, we are going to create our hacking lab with virtualized environments. Here, we will use Oracle Virtual Box to create 3 virtual machines. The first virtual machine will be running Kali Linux and it will be our hacking machine, from which we will exploit Log4Shell vulnerabilities. The second virtual machine will be running Ubuntu Desktop and it will be one of the victims machine, which will be running a Log4Shell vulnerable web application. The third virtual machine will be running Windows 11 and it will be one of the victims machine, which will be running a Log4Shell vulnerable Minecraft Server.
--> Then, we will learn how to exploit Log4Shell vulnerabilities and so, perform the following attacks: Log Manipulation, Out-Of-Band (OOB) Interactions , Ourt-Of-Band (OOB) Interactions With Data Exfiltration and Gaining a Shell. Here, all the attacks will be explaned step by step.
--> Then, we will learn about pentesting and security assessments methodologies, focusing on the identifications of Log4Shell vulnerabilities.
--> Finally, we will learn how to mitigate Log4Shell vulnerabilities.
This course is mainly focused on aquiring knowledge through practical exercises, which i do believe that is the best way to learn. Hope you enjoy it!
Rui Carreira
Who this course is for
Anyone interested in cybersecurity;
Beginner, Intermediate and Advanced Web Developers & Network Administrators
Security Analysts, Pentesters and Bug Hunters
IT technicians in general
Homepage

https://www.udemy.com/course/log4shell/